WinSCP-User used Windows registry as storage before switching to INI file. After switching to use INI the user sets a master password. The passwords in the INI file are now encrypted with AES while passwords in the registry are not. So even though the user set a master password, thinking his passwords are safe, they are still easily decryptable from the registry.
While it is possible to encrypt the old storage by changing the configuration storage to Windows registry press OK and switch back to the new storage, setting a master password should automatically encrypt the old and new storage in my opinion.